<![CDATA[Dual WAN IPSec with BGP]]>Hello all, I have the following setup and I would like to know how it is better to configure my pfsense devices.

Site A
Dual WAN pfsense - Provider X & Provider Y

Site B
Dual WAN pfsense - Provider X & Provider Y

Two IPSec tunnels between site A and site B

IPSec 1: Site A provider X with Site B Provider X
IPSec 2: Site A Provider Y with Site B Provider Y

both IPSec tunnels are Routed IPSec and for both of them I am using BGP (I configured two BGP neighbors in every side).

My problem is that every time that I am configuring the second IPSec and I configure the BGP neighbor, I loose connectivity.

Am I doing something wrong in the configuration? What I want to achieve is having BGP taking care of any line failure and send the traffic to the other IPSec when the one IPSec is down. So basically I need it for failover.

Thank you in advance.

]]>https://forum.netgate.com/topic/161774/dual-wan-ipsec-with-bgpRSS for NodeWed, 15 Apr 2026 22:16:26 GMTFri, 05 Mar 2021 13:45:04 GMT60<![CDATA[Reply to Dual WAN IPSec with BGP on Thu, 29 Apr 2021 20:23:56 GMT]]>@metisit Still no progress as I am facing some other issues here.

Honestly I start thinking to revert to normal static IPSec, but the fact that I won't have to step in in the middle of a "crisis" and let BGP do its job, keeps my faith to this configuration.

As soon as I solve the other issue that I have, I will give it a shot.

According to Netgate support, what I mention at the beginning is totally reasonable and can happen.

I'll keep you posted.

Chris

]]>https://forum.netgate.com/post/980585https://forum.netgate.com/post/980585Thu, 29 Apr 2021 20:23:56 GMT<![CDATA[Reply to Dual WAN IPSec with BGP on Thu, 22 Apr 2021 23:09:23 GMT]]>@christ i am looking for a good solution to that use case as well. any progress on your side?

]]>https://forum.netgate.com/post/979425https://forum.netgate.com/post/979425Thu, 22 Apr 2021 23:09:23 GMT